Re: Running an App as Root
- Subject: Re: Running an App as Root
- From: Chris Hanson <email@hidden>
- Date: Tue, 4 Nov 2003 20:45:39 -0600
On Nov 4, 2003, at 8:35 PM, David Blanton wrote:
> Thanks for the solution.
> What we need to do is 'silently' do some root stuff, i.e. Not present the
> Authentication Panel to accomplish our goals.
Don't. Seriously.
The authentication panel is *important*. Making sure users know that
something risky is going on is *important*.
The technique demonstrated by AuthSample and MoreAuthSample minimizes
the number of times the authentication panel comes up. In typical use,
the user should only see it once, the first time they try to perform an
action that requires authorization. Because the helper tool will
configure itself to be setuid-root (and will check the authorization ID
it's passed before performing any actions), subsequent runs of the tool
will no longer show the authorization panel.
> We'll see about flipping some bits somewhere.
Don't. Please. No end-user Cocoa application should *ever* ship
setuid-root, which is what it sounds like you want to do. Shipping an
application that way is a big security hole.
This is why I said it's extremely important to know exactly how
AuthSample and MoreAuthSample work before jumping into your own code.
Since you're talking about "flipping some bits somewhere" it looks like
you haven't taken the time to do that. (It looks like you just said
"Authorization dialog? No way! Let's just be setuid root then.")
Read and understand AuthSample and MoreAuthSample before you even
*think* of writing another line of code. Your users -- and their
security -- will thank you.
-- Chris
--
Chris Hanson, bDistributed.com, Inc. | Email: email@hidden
Outsourcing Vendor Evaluation | Phone: +1-847-372-3955
Custom Mac OS X Development | Fax: +1-847-589-3738
http://bdistributed.com/ | Personal Email: email@hidden
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
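A pre-release check for the rule in the message above that no application should ship setuid-root. This is an added example, not part of the original post or of AuthSample/MoreAuthSample. It assumes the bundle as built should contain no setuid or setgid files at all, since the helper tool described in the message sets its own bit at run time after authorization; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: release-gate check for an application bundle.
# Assumption: a freshly built bundle should contain no setuid/setgid
# files, because the helper tool makes itself setuid-root at run time,
# after the user has authorized it.

# Print every regular file under $1 that has the setuid or setgid bit set.
list_setid_files() {
    # -perm -4000: setuid bit is set; -perm -2000: setgid bit is set
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Return 0 if the bundle is clean, 1 if any setuid/setgid file is found,
# 2 if the given path is not a directory.
check_bundle() {
    bundle=$1
    if [ ! -d "$bundle" ]; then
        echo "error: $bundle is not a directory" >&2
        return 2
    fi
    found=$(list_setid_files "$bundle")
    if [ -n "$found" ]; then
        echo "FAIL: setuid/setgid files in $bundle:" >&2
        # Show owner and mode so a root-owned file stands out.
        echo "$found" | while IFS= read -r f; do
            ls -l "$f" >&2
        done
        return 1
    fi
    echo "OK: no setuid/setgid files in $bundle"
    return 0
}

# When run with a path argument, check that bundle.
if [ "$#" -gt 0 ]; then
    check_bundle "$1"
fi
```

Run it against the built product as the last step of a release build; the script's exit status is the result of the check.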